CORS preflight OPTIONS request to API returns 404 #2752

New Issue

Closed

opened 2025-11-02 04:46:43 -06:00 by GiteaMirror · 10 comments

GiteaMirror commented 2025-11-02 04:46:43 -06:00

Owner

Copy Link

Originally created by @salcedo on GitHub (Jan 14, 2019).

• Gitea version (or commit ref): 1.6.1
• Git version: 2.20.1
• Operating system: OpenBSD 6.4
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

I'm working on a project that will make some requests to Gitea's API. As my project is on a different origin, my browser sends a CORS preflight (an OPTIONS request).

Gitea doesn't handle an OPTIONS request, and returns 404.

How to fix?

Works:

curl -X GET https://git.example.com/api/v1/repos/search

Returns 404:

curl -X OPTIONS https://git.example.com/api/v1/repos/search

Screenshots

Originally created by @salcedo on GitHub (Jan 14, 2019). <!-- 1. Please speak English, this is the language all of us can speak and write. 2. Please ask questions or configuration/deploy problems on our Discord server (https://discord.gg/NsatcWJ) or forum (https://discourse.gitea.io). 3. Please take a moment to check that your issue doesn't already exist. 4. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report. --> - Gitea version (or commit ref): 1.6.1 - Git version: 2.20.1 - Operating system: OpenBSD 6.4 - Database (use `[x]`): - [x] PostgreSQL - [ ] MySQL - [ ] MSSQL - [ ] SQLite - Can you reproduce the bug at https://try.gitea.io: - [ ] Yes (provide example URL) - [ ] No - [x] Not relevant - Log gist: ## Description I'm working on a project that will make some requests to Gitea's API. As my project is on a different origin, my browser sends a CORS preflight (an OPTIONS request). Gitea doesn't handle an OPTIONS request, and returns 404. How to fix? ### Works: ``` curl -X GET https://git.example.com/api/v1/repos/search ``` ### Returns 404: ``` curl -X OPTIONS https://git.example.com/api/v1/repos/search ``` ## Screenshots <!-- **If this issue involves the Web Interface, please include a screenshot** -->

GiteaMirror added the issue/confirmedtype/enhancement labels 2025-11-02 04:46:43 -06:00

GiteaMirror closed this issue 2025-11-02 04:46:43 -06:00

GiteaMirror commented 2025-11-02 04:46:44 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jan 14, 2019):

Closed as duplicate of #5700

There is a PR in works to resolve this

@techknowlogick commented on GitHub (Jan 14, 2019): Closed as duplicate of #5700 There is a PR in works to resolve this

GiteaMirror commented 2025-11-02 04:46:44 -06:00

Author

Owner

Copy Link

@JuhoHeiskanen commented on GitHub (Jan 23, 2019):

This issue is technically not a duplicate since #5700 deals with the git smart http protocol, not the Gitea API. Pull #5719 that closed the "duplicate" issue does not resolve this one.

@JuhoHeiskanen commented on GitHub (Jan 23, 2019): This issue is technically not a duplicate since #5700 deals with the git smart http protocol, not the Gitea API. Pull #5719 that closed the "duplicate" issue does not resolve this one.

GiteaMirror commented 2025-11-02 04:46:44 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jan 23, 2019):

Access-Control-Allow-Origin header And OPTIONS method response were implemented with that ticket the users purpose may have been for different purposes but they indeed accomplished the same goal

@techknowlogick commented on GitHub (Jan 23, 2019): Access-Control-Allow-Origin header And OPTIONS method response were implemented with that ticket the users purpose may have been for different purposes but they indeed accomplished the same goal

GiteaMirror commented 2025-11-02 04:46:45 -06:00

Author

Owner

Copy Link

@JuhoHeiskanen commented on GitHub (Jan 23, 2019):

As far as I can tell, the Gitea API is unaffected by that change. The change does not seem to affect the /api/v1/repos/search endpoint.

@JuhoHeiskanen commented on GitHub (Jan 23, 2019): As far as I can tell, the Gitea API is unaffected by that change. The change does not seem to affect the `/api/v1/repos/search` endpoint.

GiteaMirror commented 2025-11-02 04:46:45 -06:00

Author

Owner

Copy Link

@JuhoHeiskanen commented on GitHub (Jan 23, 2019):

To be more clear, the pull did not implement CORS header support for the API, but it did implement support for them in git-over-http.

@JuhoHeiskanen commented on GitHub (Jan 23, 2019): To be more clear, the pull did not implement CORS header support for the API, but it did implement support for them in git-over-http.

GiteaMirror commented 2025-11-02 04:46:45 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jan 23, 2019):

That’s helpful information. Thanks :)

@techknowlogick commented on GitHub (Jan 23, 2019): That’s helpful information. Thanks :)

GiteaMirror commented 2025-11-02 04:46:45 -06:00

Author

Owner

Copy Link

@FallingSnow commented on GitHub (Jan 31, 2019):

It seems that Gitea doesn't add cors headers to non-option requests either. Cors headers are required on both preflight OPTION requests as well as the following intended requests.

@FallingSnow commented on GitHub (Jan 31, 2019): It seems that Gitea doesn't add cors headers to non-option requests either. Cors headers are required on both preflight `OPTION` requests as well as the following intended requests.

GiteaMirror commented 2025-11-02 04:46:45 -06:00

Author

Owner

Copy Link

@stale[bot] commented on GitHub (Apr 1, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale[bot] commented on GitHub (Apr 1, 2019): This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

GiteaMirror commented 2025-11-02 04:46:46 -06:00

Author

Owner

Copy Link

@klappy commented on GitHub (Apr 16, 2019):

Has anybody made progress or found a functional work around for this issue?

@klappy commented on GitHub (Apr 16, 2019): Has anybody made progress or found a functional work around for this issue?

GiteaMirror commented 2025-11-02 04:46:47 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Apr 16, 2019):

Current workaround would be to use a reverse proxy that intercepts the request needed and returns the appropriate response.

There is a pending PR for this, however it is awaiting updates from contributor.

@techknowlogick commented on GitHub (Apr 16, 2019): Current workaround would be to use a reverse proxy that intercepts the request needed and returns the appropriate response. There is a pending PR for this, however it is awaiting updates from contributor.

GiteaMirror referenced this issue 2025-11-02 12:13:40 -06:00

[PR #2752] [MERGED] Update vendor github.com/lib/pq #16570

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label issue/confirmed type/enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#2752